Joe Bonneau is one of the smartest young people I’ve met. He was a Gates Scholar at Cambridge and did a PhD in Ross Anderson’s group in the Computer Lab. On July 18, his paper on “The Science of Guessing” won a prestigious award as the Best Scientific Cybersecurity Paper of 2012. But here’s the catch: the Award, which is judged by a panel of distinguished academic experts, is sponsored by the NSA!

Here’s how Joe blogged about it, and explained his thinking.

I’m honored to have been recognised by the distinguished academic panel assembled by the NSA. I’d like to again thank Henry Watts, Elizabeth Zwicky, and everybody else at Yahoo! who helped me with this research while I interned there, as well as Richard Clayton and Ross Anderson for their support and supervision throughout.

On a personal note, I’d be remiss not to mention my conflicted feelings about winning the award given what we know about the NSA’s widespread collection of private communications and what remains unknown about oversight over the agency’s operations. Like many in the community of cryptographers and security engineers, I’m sad that we haven’t better informed the public about the inherent dangers and questionable utility of mass surveillance. And like many American citizens I’m ashamed we’ve let our politicians sneak the country down this path.

In accepting the award I don’t condone the NSA’s surveillance. Simply put, I don’t think a free society is compatible with an organisation like the NSA in its current form. Yet I’m glad I got the rare opportunity to visit with the NSA and I’m grateful for my hosts’ genuine hospitality. A large group of engineers turned up to hear my presentation, asked sharp questions, understood and cared about the privacy implications of studying password data. It affirmed my feeling that America’s core problems are in Washington and not in Fort Meade. Our focus must remain on winning the public debate around surveillance and developing privacy-enhancing technology. But I hope that this award program, established to increase engagement with academic researchers, can be a small but positive step.

This is — as you’d expect — a very adroit and sophisticated post by an interesting and thoughtful man. I’m inclined to agree with him that “America’s core problems are in Washington and not in Fort Meade [the NSA’s HQ]”. I guess that many (most?) of the engineers who work for the NSA (and GCHQ, for that matter) are decent and humane folks. But they must be reaching the point where they realise that there may be tricky ethical problems associated with working in these kinds of organisations, especially when they have no control over what their managerial or political masters do with their work.

The practice of engineering, in whatever speciality, often throws up involve ethical dilemmas, even though many engineers pretend that it doesn’t. After all, they protest, they’re just solving technical problems set to them by their employers. Moral and ethical questions are “above my pay-grade”, as the saying goes.

The first time I ever thought seriously about this was when I met Robert Jan van Pelt, an architectural historian and an expert on Auschwitz. He talked about the architectural and engineering documents pertaining to the design of Auschwitz that had been found in the Soviet archives in Moscow by a British historian. These documents show how professionals working for two firms, one an architectural practice, the other an engineering company which specialised in incinerators, struggled conscientiously to meet the ever-changing needs of a very demanding client — Himmler’s SS — as they sought to increase the capacity and the throughput of the camp. And both groups of professionals clearly understood what Auschwitz was for.

This is NOT to imply any kind of moral equivalence between those who work for outfits like the NSA and those who services the Nazi genocidal programme. But engineering is, like most other kinds of professional practice, drenched in ethical questions. Even as I write this, there are engineers working for arms companies (for example designing lethal unmanned drones, ingenious new fragmentation bombs whose fragments are less easily detected by X-rays or covert online surveillance technology for authoritarian regimes). All medical schools now insist that their students study ethics. Should engineering schools do the same?

George Orwell once observed that watching an idea move through a communist meeting was like watching a flurry of wind move across a ripe cornfield. Each stalk sways briefly and then resumes its upright posture. Much the same goes for the folks who are desperate to make money from online advertising. Once upon a time, they were all obsessing about the ‘social graph’ (i.e. Facebook). Now they’ve moved on to the ‘interest graph’. Just came on a neat explanation of the idea, apparently taken from a Goldman Sachs interview (so you know how seriously to take it).

Social graph signals have not been helpful in optimizing advertising. It seems intuitive to everyone that your friends’ recommendations would be powerful motivators…but when you look a little deeper, you hang out with people who have very different tastes than you. And you may have a special affinity through a hobby or something that they don’t share. One of the mythical high grounds that everyone’s thinking about…is this notion of an interest graph. Facebook connects you with people you know. But what connects you, if you’re into road biking, with the top 15 road bikers that are within 15 miles of where I live? 

[For a platform to] capture the interest graph, they’d be closer to the Google search paradigm, because they’d be right in line with demand generation, and with discovery that relates to product purchases. Context, for the history of the Internet, has been a big deal. The websites that do verticals, while they may not have abundant traffic, have always had huge CPMs, relative to the “Yahoo! Mail”s of the world. That may be this middle ground, between search and the social graph, to bring together people with like interests.

I wonder what the next obsession will be?

As I watched the Twin Towers collapse on September 11, 2001 I wrote this in my diary: “We can kiss goodbye to civil liberties from this day onwards. There’s nothing that democracies won’t do to prevent this ever happening again”. As ever, John Perry Barlow was both more articulate, and more perspicacious. This is what he wrote that day to those on his BarlowFriendz list. (Courtesy of SpiekerBlog.)

This morning’s events are roughly equiv­a­lent to the Reich­stag fire that pro­vided the social oppor­tu­nity for the Nazi take-over of Ger­many.

I am not sug­gest­ing that, like the Nazis, the author­i­tar­ian forces in Amer­ica actu­ally had a direct role in per­pe­trat­ing this mind-blistering tragedy. (Though their indi­rect role deserves a much longer dis­cus­sion.)

Nev­er­the­less, noth­ing could serve those who believe that Amer­i­can “safety” is more impor­tant than Amer­i­can lib­erty bet­ter than some­thing like this. Con­trol freaks will dine on this day for the rest of our lives.

Within a few hours, we will see begin­ning the most vig­or­ous efforts to end what remains of free­dom in Amer­ica. Those of who are will­ing to sac­ri­fice a lit­tle — largely illu­sory — safety in order to main­tain our faith in the orig­i­nal ideals of Amer­ica will have to fight for those ideals just as vig­or­ously.

I beg you to begin NOW to do what­ever you can — whether writ­ing your pub­lic offi­cials, join­ing the ACLU or EFF, tak­ing to the streets, or liv­ing vis­i­bly free and fear­less lives — to pre­vent the spasm of con­trol mania from destroy­ing the dreams that far more have died for over the last two hun­dred twenty five years than died this morn­ing.

Don’t let the ter­ror­ists or (their nat­ural allies) the fas­cists win.

Remem­ber that the goal of ter­ror­ism is to cre­ate increas­ingly par­a­lytic total­i­tar­i­an­ism in the gov­ern­ment it attacks. Don’t give them the sat­is­fac­tion.

Fear noth­ing. Live free.

And, please, let us try to for­give those who have com­mit­ted these appalling crimes. If we hate them, we will become them.

May God — or What­ever you want to call It — bless us all. We’ll need it.

Courage,

John Perry

And here’s what he wrote the other day:

The answer to ter­ror­ism is not fear. Nor is it vio­lence. Nor is it trans­form­ing our coun­try in the very ways Al Queda wished, thus betray­ing every­thing Amer­ica stood for and becom­ing an arbi­trar­ily vio­lent and sur­veil­lant nation that rou­tinely tor­tures per­ceived ene­mies and incar­cer­ates them indef­i­nitely with­out due process.

If only we’d had the courage and self-assurance to say, “Nice shoot­ing, Ass­holes, but we have lots of tall build­ings.” And left it at that. If only we’d had the courage to respond to ter­ror­ism with a stead­fast unwill­ing­ness to be ter­ror­ized. If only we’d rec­og­nized the trap we were being led into. But we didn’t.
Now Amer­ica is a par­ody of what it was that day 10 years ago. We have bank­rupted our­selves and slaugh­tered tens of thou­sands with point­less wars of reac­tion. We have gut­ted our enlight­ened guar­an­tees of civil lib­erty and gov­ern­men­tal restraint. We have lost our way. And we have become the very mon­ster Osama bin Laden per­ceived us to be.

This is a sad day indeed. Not merely because it refreshes the tragedies of that ter­ri­ble day, but because it also reminds us of all the tragedies — most of them far worse and more per­ma­nent in effect — that we sub­se­quently inflicted upon our­selves and on count­less inno­cents here and abroad in reac­tion to those events.

Fox-Amphoux roofscape, originally uploaded by jjn1.

Today we went to one of my favourite places in the Var — the tiny hilltop village of Fox-Amphoux. It’s an old Roman village at the intersection of two Roman roads, 540m above sea level with a lovely panoramic view of the surrounding countryside and it’s one of the quietest and most peaceful places I know. It has no shops, one tiny hotel and an artist’s studio. We sat on the steps of the church, in the shade of a nettle tree that is believed to be several hundred years old, and had a delicious picnic.

The village has one claim to fame, though. The clue is in this crude plaque:

It’s the birthplace of Paul de Barras, who was one of the leading figures in revolutionary and post-revolutionary France, and was for four years one of the most powerful men in France. (He was the lead member of the five-man French Directory between 1795 and 1799.)

Given the difficulties of communication at the time, one wonders how much the inhabitants of this place ever knew about their famous son. And whether he ever visited it after he’d gone on to greater things.